WHAT IS CLAIMED IS: 



1 LA method performed by a custodian to share a secret S among n secret 

2 owners, the method comprising the steps of: 

3 choosing two large primes P and Q; 

4 computing a product N = PQ\ 

5 computing a product M = (P- 1 ){Q- 1 ); 

6 choosing n random numbers q x through q n that are relatively prime to M; 

7 determining a number d such that a product of q x through q n and d mod M 

8 equals one; 

9 computing S rf ; 

10 distributing n secret owner pieces to each of the n secret owners, wherein each 

14 of the secret owner pieces includes S 1 and one of the numbers q x through q„; and 
12 deleting the secret 5, P, Q, M, q x through q n , and d. 

1 2. A method as in claim 1, the method further comprising the steps of: 

2 receiving a first of the n secret owner pieces from one of the n secret owners; 
"3 and 

4 computing and storing S' = ^ 5 mod iV, where q represents the one of the 

15 numbers q x through q n contained in the first of the n secret owner pieces. 

1 3. A method as in claim 2, the method further comprising the steps of: 

2 receiving a second of the n secret owner pieces from another one of the n 

3 secret owners; 

4 computing S* 1 mod N, where q represents the one of the numbers q x through 

5 q n contained in the second of the n secret owner pieces; and replacing S' with S* 1 mod N. 

1 4. A method as in claim 3, further comprising the step of: 

2 each time another of the secret owner pieces is received from another one of the n secret 

3 owners; 
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4 computing S* 1 mod N, where q represents the one of the numbers q 1 through 

5 q„ contained in another of the n secret owner pieces; and replacing S' with S* 1 mod N. 

1 5. A method performed by a custodian to share a secret S among n secret 

2 owners, the method comprising the steps of: 

3 choosing two large primes P and Q\ 

4 computing a product N = PQ; 

5 computing a product M = {P-\){Q- 1 ); 

6 choosing n+l random numbers q A through q n and d' that are relatively prime 

7 to M; 

8 determining a number d such that a product of q x through q n ,d',andd mod M 

9 equals one; 

10 computing 5^ ; 

1 1 distributing n secret owner pieces to each of the n secret owners, wherein each 

12 of the secret owner pieces includes S 1 and one of the numbers q 1 through q n ; and 

13 deleting the secret 5, P, Q, M, q l through q n , and d. 

1 6. A method as in claim 5, the method further comprising the steps of: 

_2 receiving a first of the n secret owner pieces from one of the n secret 

3 owners; and 

4 computing and storing S ' = ^ q mod N, where q represents the one of the 

5 numbers q x through q n contained in the first of the n secret owner pieces. 

1 7. A method as in claim 6, the method further comprising the steps of: 

2 receiving a second of the n secret owner pieces from another one of the n 

3 secret owners; 

4 computing S* 1 mod N, where q represents the one of the numbers q 1 through 

5 q n contained in the second of the n secret owner pieces; and 

6 replacing S ' with S * mod N. 
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1 8. A method as in claim 7, further comprising the step of: 

2 each time another of the secret owner pieces is received from another one of 

3 the n secret owners; 

4 computing S* 1 mod N, where q represents the one of the numbers q x through 

5 q n contained in the another of the n secret owner pieces; and 

6 replacing S ' with S * mod N. 

1 9. A method as in claim 8, further comprising the steps of: 

2 after all n secret owner pieces has been received; 

3 computing S ** mod N; and 

4 replacing S' with S* 1 mod TV. 

1 10. A method performed by a custodian to share a secret S among n secret 

2 owners such that any k of the n secret owners may reconstruct the secret, the method 
"3 comprising the steps of: 

4 choosing two large primes P and Q, such that PQ is greater than S; 

5 computing and storing a product N = PQ; 

6 computing and storing a product M = (P-l)(Q-l); 

J choosing n random numbers e x through e n that are relatively prime to TV; 

8 choosing another random number e that is relatively prime to N; 

9 choosing n numbers dj through d„ such that etdt mod M equals one for 

10 l<i<n; 

1 1 choosing another number d such that e d mod M is equal to one; 

12 generating and storing a database of ^ j values, where each value is the 

13 product of d and a unique k of the di numbers for 1 < i < n ; 

14 deleting P, Q, and M; 

15 computing Sf; 

16 distributing n secret owner pieces to each of the n secret owners, wherein each 

17 of the secret owner pieces includes Sf and one of the numbers e x through e n ; and 

18 deleting the secret S and e 1 through e n , e, d x through d„, and d. 
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1 1 1 . A method as in claim 10, the method further comprising the steps of: 

2 receiving a first of the n secret owner pieces from one of the n secret owners; 

3 and 

4 computing and storing S' = mod N, where / represents the one of the 

5 numbers e, through e„ contained in the first of the n secret owner pieces. 

1 12. A method as in claim 1 1 , the method further comprising the steps of: 

2 receiving a second of the n secret owner pieces from another one of the n 

3 secret owners; 

4 computing S * mod N, where q represents the one of the numbers e, through 
3 e„ contained in the second of the n secret owner pieces; and replacing S ' with S* 1 mod N. 

1 13. A method as in claim 12, further comprising the step of: 

2 each time another of the secret owner pieces is received from another one of 

3 the n secret owners; 

4 computing S* 1 mod N, where q represents the one of the numbers e, through 

5 e n contained in the another of the n secret owner pieces; and replacing S' with S* 7 mod N. 

1 14. A method as in claim 13, further comprising the steps of: 

2 after k secret owner pieces have been received, 

3 retrieving from the database a value c from among the ^ j values, wherein the 

4 value c corresponds to the k secret owner pieces that were received by the custodian; 

5 computing S* mod iV; and 

6 replacing S ' with S 10 mod N. 

1 1 5. A method performed by a custodian to share a secret S among n secret 

2 owners such that any k of the n secret owners may reconstruct the secret, the method 

3 comprising the steps of: 
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4 choosing two large primes P and Q, such that PQ is greater than S; 

5 computing and storing a product N = PQ; 

6 computing and storing a product M= 

7 choosing n random numbers e l through e„ that are relatively prime to N; 

8 choosing random numbers e and e ' that are relatively prime to N; 

9 choosing n numbers through d„ such that e t di mod M equals one for 

10 1 < i < n ; 

1 1 choosing numbers d and d ' such that ed mod M is equal to one and such that 

12 e'd' mod M is equal to one; 

13 generating and storing a database of values, where each value is the 

14 product of d and a unique k of the numbers for 1 < i < n ; 

1 5 deleting P, Q, and M; 

16 computing ^ e ; 

1 7 distributing » secret owner pieces to each of the n secret owners, wherein each 

1 8 of the secret owner pieces includes S 66 ' and one of the numbers e, through e n ; and 

19 deleting the secret S and e, through e„, e, c/, through and d. 

1 1 6. A method as in claim 1 5, the method further comprising the steps of: 

-2 receiving a first of the n secret owner pieces from one of the n secret owners; 

3 and 

4 computing and storing S' = <S* e ^mod N, where/represents the one of the 

5 numbers e, through e n contained in the first of the n secret owner pieces. 

1 1 7. A method as in claim 1 6, the method further comprising the steps of: 

2 receiving a second of the n secret owner pieces from another one of the n 

3 secret owners; 

4 computing S* 1 mod N, where q represents the one of the numbers e x through 

5 e n contained in the second of the n secret owner pieces; and replacing S' with mod N. 

1 1 8. A method as in claim 1 7, further comprising the step of: 
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2 each time another of the secret owner pieces is received from another one of 

3 the n secret owners; 

4 computing S" 1 mod N, where q represents the one of the numbers e x through 

5 e n contained in the another of the n secret owner pieces; and replacing S ' with S * mod N. 

1 19. A method as in claim 18, further comprising the steps of: 

2 after k secret owner pieces have been received, 

3 retrieving from the database a value c from among the ^ j values, wherein the 

4 value c corresponds to the k secret owner pieces that were received by the custodian; 

5 computing S * mod TV; 

-6 replacing S ' with S* mod N; 

7 computing S* 1 mod TV; and 

8 replacing S ' with S* 1 ' mod N. 

1 20. A method performed by a custodian to share a secret among n secret 

2 owners such that any k of the n secret owners may reconstruct the secret, the method 

3 comprising the steps of: 

4 encrypting the secret so as to generate an encrypted secret; 

5 deleting the secret; and 

6 performing a forward k out of n secret sharing algorithm on the encrypted 

7 secret so as to generate n secret owner pieces. 

1 2 1 . A method as in claim 20, further comprising the step of: 

2 distributing the n secret owner pieces to the n secret owners. 

1 22. A method as in claim 21, further comprising the step of: 

2 receiving k secret owner pieces from k secret owners. 

1 23. A method as in claim 22, further comprising the step of: 
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2 performing a reverse k out of n secret sharing algorithm on the k secret owner 

3 pieces so as to recreate the encrypted secret. 

1 24. A method as in claim 23, further comprising the step of: 

2 decrypting the encrypted secret so as to recreate the secret. 

1 25. A method as in claim 20, wherein the step of performing a forward k 

2 out of n secret sharing algorithm includes the steps of: 

3 dividing the encrypted secret into k pieces; and 

4 performing n polynomial evaluations at n points of a degree-A: polynomial 

5 using the k pieces of the encrypted secret as polynomial coefficients; 

6 wherein each of the k secret owner pieces includes a result of one of the n 

7 polynomial evaluations and a corresponding one of the n points. 

1 26. A method as in claim 25, further comprising the steps of: 

2 distributing the n secret owner pieces to the n secret owners; 

3 receiving k secret owner pieces from k secret owners; and 

4 performing a reverse k out of n secret sharing algorithm on the k secret owner 

5 pieces so as to recreate the encrypted secret; wherein the step of performing a reverse k out of 

6 n secret sharing algorithm includes the steps of generating a system of k linear equations and 

7 solving the system of k linear equations for the k pieces of the encrypted secret. 

1 27. A method as in claim 26, further comprising the step of: 

2 assembling the k pieces of the encrypted secret so as to recreate the encrypted 

3 secret; and 

4 decrypting the encrypted secret so as to recreate the secret. 

1 28. A computer readable storage medium having embodied thereon 

2 computer readable program code suitable for programming a computer to perform a method 

3 performed by a custodian to share a secret S among n secret owners, the method comprising 

4 the steps of: 
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5 choosing two large primes P and Q; 

6 computing a product N = PQ; 

7 computing a product M = (P- 1 )(Q- 1 ); 

8 choosing n random numbers q x through q„ that are relatively prime to M; 

9 determining a number a? such that a product of through q n and J mod M 

10 equals one; 

1 1 computing S 1 ; 

12 distributing n secret owner pieces to each of the n secret owners, wherein each 

13 of the secret owner pieces includes & 1 and one of the numbers q l through q n ; and 

14 deleting the secret S, P, Q, M, q l through q n , and d. 

: 1 29. A computer readable storage medium having embodied thereon 

:2 computer readable program code suitable for programming a computer to perform a method 

=3 performed by a custodian to share a secret S among n secret owners, the method comprising 

4 the steps of: 

°5 choosing two large primes P and Q; 

6 computing a product N = PQ; 

7 computing a product M = (P- 1 ){Q- 1 ); 

8 choosing »+l random numbers ^ through q n and <f ' that are relatively prime to 

9 M; 

1 0 determining a number J such that a product of q 1 through q n , d ', and d mod M 

1 1 equals one; 

12 computing^; 

13 distributing n secret owner pieces to each of the n secret owners, wherein each 

14 of the secret owner pieces includes 5^ and one of the numbers q x through q„; and 

1 5 deleting the secret S, P, Q, M, q x through q„, and d. 

1 30. A computer readable storage medium having embodied thereon 

2 computer readable program code suitable for programming a computer to perform a method 

3 performed by a custodian to share a secret S among n secret owners such that any k of the n 

4 secret owners may reconstruct the secret, the method comprising the steps of: 
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5 choosing two large primes P and Q, such that PQ is greater than S; 

6 computing and storing a product N = PQ; 

7 computing and storing a product M = (P- 1 )(Q- 1 ); 

8 choosing n random numbers e x through e n that are relatively prime to N; 

9 choosing another random number e that is relatively prime to TV; 

1 0 choosing n numbers d x through d„ such that e^,- mod M equals one for 

11 \<i<n; 

1 2 choosing another number d such that ed mod M is equal to one; 

13 generating and storing a database of ^ j values, where each value is the 

14 product of d and a unique k of the d t numbers for 1 < i < n ; 

1 5 deleting P, Q, and M; 

16 computing Sf; 

17 distributing n secret owner pieces to each of the n secret owners, wherein each 
L8 of the secret owner pieces includes 5* and one of the numbers e x through e„; and 

19 deleting the secret S and e x through e n , e, d x through d„, and d. 

1 3 1 . A computer readable storage medium having embodied thereon 

2 computer readable program code suitable for programming a computer to perform a method 

3 performed by a custodian to share a secret S among n secret owners such that any k of the n 

4 secret owners may reconstruct the secret, the method comprising the steps of: 

5 choosing two large primes P and Q, such that PQ is greater than S; 

6 computing and storing a product N = PQ; 

7 computing and storing a product M = (P- 1 ) (Q- 1 ) ; 

8 choosing n random numbers e x through e„ that are relatively prime to N; 

9 choosing random numbers e and e ' that are relatively prime to N; 

10 choosing n numbers d x through d n such that e t di mod M equals one for 

11 1 < i < n ; 

12 choosing numbers d and d ' such that ed mod M is equal to one and such that 

13 e'd' mod M is equal to one; 
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14 generating and storing a database of values, where each value is the 

1 5 product of d and a unique k of the d t numbers for 1 < i < n ; 

16 deleting P, Q, and M; 

17 computing^ 6 ; 

18 distributing n secret owner pieces to each of the n secret owners, wherein each 

19 of the secret owner pieces includes $f e ' and one of the numbers e, through e n ; and 

20 deleting the secret S and e l through e„, e, d 1 through d„, and d. 

1 32. A computer readable storage medium having embodied thereon 

2 computer readable program code suitable for programming a computer to perform a method 

3 performed by a custodian to share a secret among n secret owners such that any k of the n 
"4 secret owners may reconstruct the secret, the method comprising the steps of: 

-3 encrypting the secret so as to generate an encrypted secret; 

6 deleting the secret; and 

7 performing a forward k out of n secret sharing algorithm on the encrypted 

8 secret so as to generate n secret owner pieces. 

1 33. A computer comprising a processor and a computer readable storage 

2 medium coupled to the processor having embodied thereon processor readable program code 

3 suitable for programming the computer to perform a method performed by a custodian to 

4 share a secret S among n secret owners, the method comprising the steps of: 

5 choosing two large primes P and Q; 

6 computing a product N = PQ; 

7 computing a product M = (P-1)(£M); 

8 choosing n random numbers q l through g n that are relatively prime to M\ 

9 determining a number d such that a product of q l through q n and d mod M 

10 equals one; 

1 1 computing Sf 1 ; 

12 distributing n secret owner pieces to each of the n secret owners, wherein each 

13 of the secret owner pieces includes ^ and one of the numbers q l through q n ; and 
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14 deleting the secret S, P, Q, M, q l through q n , and d. 

1 34. A computer comprising a processor and a computer readable storage 

2 medium coupled to the processor having embodied thereon processor readable program code 

3 suitable for programming a computer to perform a method performed by a custodian to share 

4 a secret S among n secret owners, the method comprising the steps of: 

5 choosing two large primes P and Q; 

6 computing a product N = PQ; 

7 computing a product M=(P-l ){Q- 1 ); 

8 choosing n+l random numbers q } through q n and d' that are relatively prime to 

9 M; 

10 determining a number d such that a product of q 1 through q n , d ', and d mod M 

f 1 equals one; 

12 computing S*; 

13 distributing n secret owner pieces to each of the n secret owners, wherein each 

14 of the secret owner pieces includes S 1 and one of the numbers q 1 through q„; and 

1 5 deleting the secret S, P, Q, M, q l through q n , and d. 

1 35. A computer comprising a processor and a computer readable storage 

2 medium coupled to the processor having embodied thereon processor readable program code 

3 suitable for programming a computer to perform a method performed by a custodian to share 

4 a secret S among n secret owners such that any k of the n secret owners may reconstruct the 

5 secret, the method comprising the steps of: 

6 choosing two large primes P and Q, such that PQ is greater than S; 

7 computing and storing a product jV = PQ; 

8 computing and storing a product M = (P-l)(Q-l); 

9 choosing n random numbers e l through e n that are relatively prime to N; 

10 choosing another random number e that is relatively prime to iV; 

1 1 choosing n numbers d l through d n such that e t -di mod M equals one for 

12 \<i<n; 

1 3 choosing another number d such that ed mod M is equal to one; 
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14 generating and storing a database of ^ j values, where each value is the 

1 5 product of d and a unique k of the d t numbers for 1 < i < n ; 

16 deleting P, Q, and M; 

17 computing S?; 

1 8 distributing n secret owner pieces to each of the n secret owners, wherein each 

1 9 of the secret owner pieces includes ¥ and one of the numbers e, through e n \ and 

20 deleting the secret S and e x through e n , e, d x through d n , and d. 

1 36. A computer comprising a processor and a computer readable storage 

2 medium coupled to the processor having embodied thereon processor readable program code 

3 suitable for programming the computer to perform a method performed by a custodian to 

4 share a secret S among n secret owners such that any k of the n secret owners may reconstruct 

- 5 the secret, the method comprising the steps of: 

6 choosing two large primes P and Q, such that PQ is greater than S; 

- 7 computing and storing a product N = PQ; 

8 computing and storing a product M= (P-l)(Q-l); 

9 choosing n random numbers e, through e„ that are relatively prime to N; 

1 0 choosing random numbers eande' that are relatively prime to N; 

1 1 choosing n numbers d x through d„ such that e4i mod M equals one for 

12 l<i<n; 

1 3 choosing numbers d and d ' such that ed mod M is equal to one and such that 

14 e'd' mod M is equal to one; 

1 5 generating and storing a database of Q values, where each value is the 

1 6 product of d and a unique £ of the <i; numbers for 1 < / < n ; 

1 7 deleting P, Q, and M; 

18 computing S 6 *'; 

1 9 distributing « secret owner pieces to each of the n secret owners, wherein each 

20 of the secret owner pieces includes S 66 ' and one of the numbers e, through e n ; and 

2 1 deleting the secret S and ^ through e„, e, d x through d n , and d. 
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1 37. A computer comprising a processor and a computer readable storage 

2 medium coupled to the processor having embodied thereon processor readable program code 

3 suitable for programming the computer to perform a method performed by a custodian to 

4 share a secret among n secret owners such that any k of the n secret owners may reconstruct 

5 the secret, the method comprising the steps of: 

6 encrypting the secret so as to generate an encrypted secret; 

7 deleting the secret; and 

8 performing a forward k out of n secret sharing algorithm on the encrypted 

9 secret so as to generate n secret owner pieces. 
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